The disclosure generally relates to data security, and more specifically, to techniques for detection and prevention of security incidents on a computerized environment.
Nowadays, as organizations and enterprises grow in size, they become increasingly susceptible to malicious attacks. To identify such attacks, a number of anti-virus applications are currently available. These applications must be deployed into a computerized environment and are expected to terminate malicious activity within the network; they are typically also used for managing data and communication.
Other solutions known in the related art provide threat detection only and offer no mitigation process. The majority of these solutions rely on a basic engine that searches suspect files for the presence of predetermined virus signatures.
A firewall is a network security solution that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted, secure internal network and an outside network, such as the Internet, that is assumed not to be secure or trusted. Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls are software appliances running on general-purpose hardware, or hardware-based firewall appliances, that filter traffic between two or more networks. Host-based firewalls provide a layer of software on one host that controls network traffic in and out of that single machine.
However, firewalls cannot inspect an application and do not have deep application awareness. Firewall solutions are therefore typically capable of identifying only certain activities, such as file downloads and uploads, which limits such solutions. Further forensics and attribute-level awareness, i.e., a file's permissions, owner, content and classification, are typically beyond the capabilities of firewall-like solutions. Furthermore, firewalls and other network-based solutions, such as Web Proxies and Access and Entitlement Management, would require customized configuration and/or adaptor development and integration in order to comprehend the activities and resources of individual applications.
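To make the limitation concrete, the following added example (not code from the disclosure; the `Flow`, `FileEvent`, rule tuples and sample events are all constructed for illustration) evaluates the same outbound file upload twice: once as a network firewall sees it, with only header fields available to the rule set, and once as an event-level inspector that also has the file's owner, permission bits and classification. The header-only rule set reaches the same verdict for a public and a confidential file, while the attribute-aware policy can distinguish them.

```python
"""Header-only firewall rules versus attribute-level event inspection.

All names, rules and sample events here are constructed for this example.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """What a network firewall actually sees: a 5-tuple plus direction."""
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str       # "tcp" or "udp"
    direction: str   # "in" or "out"


@dataclass(frozen=True)
class FileEvent:
    """An application-level event carrying the attributes a firewall lacks."""
    flow: Flow
    action: str          # "upload" or "download"
    path: str
    owner: str
    mode: int            # POSIX permission bits, e.g. 0o644
    classification: str  # "public", "internal" or "confidential"


# Rule: (direction, dst_port, proto, verdict); None acts as a wildcard.
Rule = Tuple[Optional[str], Optional[int], Optional[str], str]

# Constructed rule set: allow outbound HTTPS, allow inbound SSH, deny the rest.
RULES: List[Rule] = [
    ("out", 443, "tcp", "allow"),
    ("in", 22, "tcp", "allow"),
    (None, None, None, "deny"),
]


def firewall_decision(rules: List[Rule], flow: Flow) -> str:
    """First-match evaluation over header fields only (default deny)."""
    for direction, port, proto, verdict in rules:
        if direction is not None and direction != flow.direction:
            continue
        if port is not None and port != flow.dst_port:
            continue
        if proto is not None and proto != flow.proto:
            continue
        return verdict
    return "deny"


def inspect_event(event: FileEvent) -> str:
    """Attribute-level policy the firewall cannot express: block outbound
    transfer of confidential files and of world-writable files."""
    if event.action == "upload" and event.classification == "confidential":
        return "block"
    if event.mode & 0o002:  # world-writable bit set
        return "block"
    return "allow"


# Two constructed uploads over an identical HTTPS flow; only file attributes differ.
HTTPS_OUT = Flow("10.0.0.5", "203.0.113.10", 443, "tcp", "out")
SAMPLE_EVENTS = [
    FileEvent(HTTPS_OUT, "upload", "/srv/share/brochure.pdf",
              "marketing", 0o644, "public"),
    FileEvent(HTTPS_OUT, "upload", "/srv/finance/q3-forecast.xlsx",
              "cfo", 0o640, "confidential"),
]


def compare(events: List[FileEvent]) -> List[Tuple[str, str, str]]:
    """Return (path, firewall verdict, inspector verdict) for each event."""
    return [(e.path, firewall_decision(RULES, e.flow), inspect_event(e))
            for e in events]


if __name__ == "__main__":
    for path, fw, insp in compare(SAMPLE_EVENTS):
        print(f"{path}: firewall={fw} inspector={insp}")
```

The firewall rule set has nothing to key on except the flow, so both uploads are allowed; the inspector, seeing the `classification` attribute, allows the first and blocks the second. This is the gap between activity-level and attribute-level awareness that the passage describes.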
It would therefore be advantageous to provide a solution that overcomes some of the deficiencies of the related art by enabling the inspection and interception of all events in a network, providing granular access control, threat protection and forensics without requiring complex and customized pre-configuration.